Authenticated Resource Management in Delay-Tolerant Networks using - - PowerPoint PPT Presentation

authenticated resource management in delay tolerant
SMART_READER_LITE
LIVE PREVIEW

Authenticated Resource Management in Delay-Tolerant Networks using - - PowerPoint PPT Presentation

Feb 20, 2023 424 likes •683 views

Authenticated Resource Management in Delay-Tolerant Networks using Proxy Signatures Dominik Sch urmann, J org Ott, Lars Wolf March 18, 2013 Motivation Buffer Management Our Approach Evaluation Conclusion Mobile Communication in Rural

slide-1
SLIDE 1

Authenticated Resource Management in Delay-Tolerant Networks using Proxy Signatures

Dominik Sch¨ urmann, J¨

  • rg Ott, Lars Wolf

March 18, 2013

slide-2
SLIDE 2

Motivation Buffer Management Our Approach Evaluation Conclusion

Mobile Communication in Rural Areas of Africa

Unreliable cell infrastructure (power outages) Relative high monthly costs: Nigerians living on $ 2 a day or less ⇒ Delay-Tolerant Networks (DTN) (RFC 5050)

Mit Mobile Money gegen ”finanzielle Apartheid”. 2009. url: http://www.zeit.de/digital/mobil/2009-11/m-money-africa;

  • Nigeria. 2012. url: http://topics.nytimes.com/top/news/international/countriesandterritories/nigeria/index.html

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 1

slide-3
SLIDE 3

Motivation Buffer Management Our Approach Evaluation Conclusion

Hop-by-hop Communication in DTNs

Alice Bob Charlie Trudy Eve Victor Unknown meeting times Limited buffer space

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 2

slide-4
SLIDE 4

Motivation Buffer Management Our Approach Evaluation Conclusion

Example Attacks on Storage Buffers

Denial-of-Service

Flooding with big messages, differing in content, and forge source IDs. Set lifetime of bundle very high.

Multicast Amplification

Address bundle to multicast EID, set Report-to-EID to multicast EID

More DTN-Specific Attacks. . .

“Amplification by Fragmentation”, “Amplification by Custody Transfers”,. . . Charlie Trudy Eve Victor

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 3

slide-5
SLIDE 5

Motivation Buffer Management Our Approach Evaluation Conclusion

Example Attacks on Storage Buffers

Denial-of-Service

Flooding with big messages, differing in content, and forge source IDs. Set lifetime of bundle very high.

Multicast Amplification

Address bundle to multicast EID, set Report-to-EID to multicast EID

More DTN-Specific Attacks. . .

“Amplification by Fragmentation”, “Amplification by Custody Transfers”,. . . Properties of DTNs make attacks worse! What to do against malicious nodes flooding the network?

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 3

slide-6
SLIDE 6

Motivation Buffer Management Our Approach Evaluation Conclusion

Preemptive Buffer Management1

Basic Idea

Sign messages to authenticate their source ID Partition storage equally between IDs of incoming messages

Alice Bob Charlie Trudy Eve Victor

Example: Eve’s Buffer (Max: 6 Messages)

Stores messages coming from Alice, Victor, and Bob M1

Alice M2 Alice M1 Victor

M1

Bob M2 Bob

1John Solis et al. “Controlling resource hogs in mobile delay-tolerant networks”. In: Computer Communications

33.1 (May 14, 2010), pp. 2–10. Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 4

slide-7
SLIDE 7

Motivation Buffer Management Our Approach Evaluation Conclusion

Request-Response Scenario

Alice Bob Charlie Trudy Eve Victor

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 5

slide-8
SLIDE 8

Motivation Buffer Management Our Approach Evaluation Conclusion

Request-Response Scenario

Alice Bob Charlie Trudy Eve Victor

Example: Eve’s Buffer (Max: 6 Messages)

M1

Alice M2 Alice M1 Victor

M1

Bob

  • 1. Request:

M2

Bob

  • 2. Response:

drop

M1

Bob

M1

Alice M2 Alice M1 Victor

M2

Bob R1 Bob

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 5

slide-9
SLIDE 9

Motivation Buffer Management Our Approach Evaluation Conclusion

Improving Fairness?

Alice Bob Charlie Trudy Eve Victor

Eve’s Buffer: Original Scheme

  • 2. Response:

drop

M1

Bob

M1

Alice M2 Alice M1 Victor

M2

Bob R1 Bob

Changed Affiliation of Response

  • 2. Response:

drop M1

Alice

M2

Alice R1 A(B) M1 Victor

M1

Bob M2 Bob

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 6

slide-10
SLIDE 10

Motivation Buffer Management Our Approach Evaluation Conclusion

Scenario with Often Requested Server Node

Alice1 Bob (= Server) Charlie Alice2 Alice3 Eve

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 7

slide-11
SLIDE 11

Motivation Buffer Management Our Approach Evaluation Conclusion

Scenario with Often Requested Server Node

Alice1 Bob (= Server) Charlie Alice2 Alice3 Eve

Eve’s Buffer: Original Scheme

M1

A1

  • 2. Response:

M1

A2

M1

A3

R2

B

R3

B

drop

R1

B, M1 B

Changed Affiliation of Responses

M1

A1

  • 2. Response:

R1

A1(B)

M1

B

M1

A2 R2 A2(B) M1 A3

R3

A3(B)

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 7

slide-12
SLIDE 12

Motivation Buffer Management Our Approach Evaluation Conclusion

Cryptographic Background

Signing

Every node i has a public/private key pair pki, ski and an IDi Every node on the path should be able to verify the signature → Encrypt-then-Sign Encryption when sending message to Bob: c = EncpkB(m) Sign ciphertext by Alice: σ = SignskA(c) Message to be send: M = c, σ

Verification

Buffering incoming messages based on source ID Verify source ID by verifying signature: VerifypkA(c, σ)

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 8

slide-13
SLIDE 13

Motivation Buffer Management Our Approach Evaluation Conclusion

Proxy Signature: “Delegation-by-Certificate”2

A A B B A warrant ω defines the input space of the proxy signing function certificate pcert = SignskA (00 IDB pkB ω) ciphertext c1 = EncpkB (m1 ω pcert) with m1 as request content request = c1, σ1 = SignskA (11 c1) (forwarded hop-by-hop) decrypt and verify signatures proxy signing key pskB = skB , pkA, (IDB pkB ω), pcert ciphertext c2 = EncpkA (m2) with m2 as response content PSignpskB (c2) = IDB , ω, pkB , pcert, σ2 = SignskB (01 pkA c2) response = c2, Σ = PSignpskB (c2) (forwarded hop-by-hop)

2Alexandra Boldyreva et al. “Secure Proxy Signature Schemes for Delegation of Signing Rights”. In: Journal of

Cryptology 25 (1 2012), pp. 57–115. Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 9

slide-14
SLIDE 14

Motivation Buffer Management Our Approach Evaluation Conclusion

Verification of Proxy Signatures

Verification by Nodes Forwarding the Response

Verify traditional signature Verify proxy signature by PVerifypkA,pkB(c2, Σ) PVerifypkA,pkB(c2, Σ) = VerifypkA(00 IDB pkB ω, pcert) ∧ VerifypkB(01 pkA c2, σ2) ∧ (c2 ∈ ω).

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 10

slide-15
SLIDE 15

Motivation Buffer Management Our Approach Evaluation Conclusion

Application of Proxy Signatures

pcert Restrictions

Validity Restriction Certificate is only valid for a specific time frame Limited Response Responses are restricted to specific IDs by warrant ω

Message Pattern

One-time request-response Publish-subscribe Two-way communication

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 11

slide-16
SLIDE 16

Motivation Buffer Management Our Approach Evaluation Conclusion

Simulation with “The ONE” Simulator

Does our approach improve request/response success probability?

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 12

slide-17
SLIDE 17

Motivation Buffer Management Our Approach Evaluation Conclusion

Simulation with “The ONE” Simulator

Does our approach improve request/response success probability? What happens in presence of malicious nodes?

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 12

slide-18
SLIDE 18

Motivation Buffer Management Our Approach Evaluation Conclusion

Simulation with “The ONE” Simulator

Does our approach improve request/response success probability? What happens in presence of malicious nodes?

Scenario with Server Nodes (With and Without Proxy Signatures)

95 % nodes with 5 MB storage 5 % are “server” nodes with 50 MB storage 3 message types: Request, response, unidirectional

Parameter Choice Movement Model Shortest Path Connectivity Bluetooth-like Routing Model Spray-and-Wait Map Helsinki city’s central area

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 12

slide-19
SLIDE 19

Motivation Buffer Management Our Approach Evaluation Conclusion

Only Benign Nodes

Struggle for buffer space between message types Request/response success probability as a metric

20 40 60 80 100 percentage of generated request bundles 0.00 0.05 0.10 0.15 0.20 0.25 0.30 0.35 0.40 request/response success probability

with proxy signatures without proxy signatures Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 13

slide-20
SLIDE 20

Motivation Buffer Management Our Approach Evaluation Conclusion

95 % Benign and 5 % Malicious Nodes

20 40 60 80 100 percentage of generated request bundles 0.00 0.05 0.10 0.15 0.20 0.25 0.30 0.35 0.40 request/response success probability

with proxy signatures, benign nodes with proxy signatures, malicious nodes without proxy signatures, benign nodes without proxy signatures, malicious nodes Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 14

slide-21
SLIDE 21

Motivation Buffer Management Our Approach Evaluation Conclusion

Conclusion

In proper scenarios, our approach improves. . .

fairness by affiliating responses to initiating peer request/response success probability performance of mutual communications even in presence of attackers

Properties

Cryptographically secured extension to buffer management Delegation is done without central authority Delegation is delay-tolerant No further storage is needed for time based certificate restriction

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 15

slide-22
SLIDE 22

Motivation Buffer Management Our Approach Evaluation Conclusion

Conclusion

In proper scenarios, our approach improves. . .

fairness by affiliating responses to initiating peer request/response success probability performance of mutual communications even in presence of attackers

Properties

Cryptographically secured extension to buffer management Delegation is done without central authority Delegation is delay-tolerant No further storage is needed for time based certificate restriction

Questions?

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 15

slide-23
SLIDE 23

Request from A to B: request = c1, σ = SignskA(11 c1) Response from B to A: response = c2, Σ = PSignpskB(c2)

A a1 a5 a3 a4 a7 a6 a2 b3 B b4 b2 b1

Domain X Domain Y Storage buffer on a1: A a2 a3 a4 a6 a7 Y

Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 16

slide-24
SLIDE 24

Motivation Buffer Management Our Approach Evaluation Conclusion

Only Benign Nodes, 40 % Prob. to Generate Requests

1000 2000 3000 4000 5000 generation interval of new requests in seconds 0.0 0.1 0.2 0.3 0.4 0.5 request/response success probability

with proxy signatures without proxy signatures Dominik Sch¨ urmann | Resource Management in DTNs using Proxy Signatures | 17